Hi LasVegasCop,
I'm curious if you testify about your findings, and if so, have you been up against another examiner on the other side? Did you win, did you find it beneficial?
Or do you do the knock/announce and on site seizure, and then work the drives from that state
Are you referring to the findings of this test? or general data forensics examinations
Hi LasVegasCop,
I'm curious if you testify about your findings, and if so, have you been up against another examiner on the other side? Did you win, did you find it beneficial?
Or do you do the knock/announce and on site seizure, and then work the drives from that state
I am retired now and I own Nevada Digital Forensics. I did computer forensics for Las Vegas Metro PD since 1998 until Sept of last year.
I have never been up against another examiner and I have testified more times than I can count.
I have never lost a case when I was with the PD.
When we (the PD) goes to a residence they always go with a search warrant. THey do a preview at the site then when it is confirmed that there is CP they seize everything that can hold data and do a complete examination at the police lab.
Is the triage on site to find CP a legislative requirement in Vegas?
This is pure curiosity as I find the different laws regarding search and seizure quite fascinating, particularly in parts of the US where the rules can be quite different to here in Australia.
For example, in Western Australia, the Police can seize anything capable of storing digital information based purely on suspicion. There needs to be enough evidence to support the search warrant in the first place, but once they are in the door anything is game. They can search floor to roof, inside cavities bags etc, there is no plain site laws or anything like that.
However, our Federal Police have to do an onsite triage of any computer/mobile phone to prove that it actually has evidence of the suspected crime before they can seize and conduct a full examination. I think once one item has shown positive evidence then the rest becomes fair game, but some onsite work has to be done.
I've assisted in a few Federal warrants since I left the State Police and I have to say I hate the onsite triage, nothing worse than having several non technical detectives breathing down your neck along with the suspect all watching and waiting P
no, in Nevada they can force entry into your home and seize everything that holds data as long as there is a search warrant.
THere are a few reasons that they preview. One reason is so that they don't have to take every thing they find.
One thing an examiner hates is to do 7 computers when only one contained contraband.
Really?
I'm the complete opposite, I'd rather examine 10 devices and only find CP on 1, knowing that I've looked at everything available.
No matter how good your triage tool is or how experienced an examiner is, the chance of missing something during triage would have to be far greater than during a lab analysis.
Really?
I'm the complete opposite, I'd rather examine 10 devices and only find CP on 1, knowing that I've looked at everything available.
No matter how good your triage tool is or how experienced an examiner is, the chance of missing something during triage would have to be far greater than during a lab analysis.
Well, thats true..
actually I misspoke.
when your case load is so great that you are approaching being a year behind sometimes a little triage helps out.
THat being said, even when they triage the case at the scene they still take everything but label the KNOWN device as the most important device but they still examine the others.
Caseload permitting I understand )
I think being from sleepy Perth my idea of a heavy caseload probably differs somewhat from other parts of the world.
I only use a compression level of 1 with FTK Imager.
For the percentage of space saved by using higher compression levels the additional compression time isn't worth it.
From my tests if I remember rightly encase6 was the fastest under windows. Encase 7 being slower than all other tools.
More data
https://
yes, I saw that last week.. a much more scientific test.